npm - @strapi/plugin-users-permissions - Versions diffs - 4.0.0-next.7 → 4.0.1 - Mend

@strapi/plugin-users-permissions 4.0.0-next.7 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/admin/src/components/BoundRoute/getMethodColor.js +41 -0
package/admin/src/components/BoundRoute/index.js +40 -24
package/admin/src/components/FormModal/Input/index.js +121 -0
package/admin/src/components/FormModal/index.js +123 -0
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +19 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory.js +118 -0
package/admin/src/components/Permissions/PermissionRow/index.js +9 -48
package/admin/src/components/Permissions/index.js +36 -24
package/admin/src/components/Permissions/init.js +1 -6
package/admin/src/components/Policies/index.js +46 -47
package/admin/src/components/UsersPermissions/index.js +29 -26
package/admin/src/components/UsersPermissions/init.js +1 -2
package/admin/src/hooks/useFetchRole/index.js +17 -7
package/admin/src/hooks/useForm/index.js +3 -29
package/admin/src/hooks/useForm/reducer.js +2 -21
package/admin/src/hooks/usePlugins/index.js +12 -21
package/admin/src/hooks/usePlugins/reducer.js +0 -3
package/admin/src/index.js +29 -34
package/admin/src/pages/AdvancedSettings/index.js +210 -193
package/admin/src/pages/AdvancedSettings/utils/api.js +13 -0
package/admin/src/pages/AdvancedSettings/utils/layout.js +96 -0
package/admin/src/pages/AdvancedSettings/utils/schema.js +21 -0
package/admin/src/pages/EmailTemplates/components/EmailForm.js +173 -0
package/admin/src/pages/EmailTemplates/components/EmailTable.js +116 -0
package/admin/src/pages/EmailTemplates/index.js +125 -198
package/admin/src/pages/EmailTemplates/utils/api.js +13 -0
package/admin/src/pages/Providers/index.js +208 -216
package/admin/src/pages/Providers/utils/api.js +21 -0
package/admin/src/pages/Providers/utils/forms.js +168 -126
package/admin/src/pages/Roles/CreatePage/index.js +155 -147
package/admin/src/pages/Roles/EditPage/index.js +162 -134
package/admin/src/pages/Roles/ListPage/components/TableBody.js +96 -0
package/admin/src/pages/Roles/ListPage/index.js +176 -156
package/admin/src/pages/Roles/ListPage/utils/api.js +28 -0
package/admin/src/pages/Roles/index.js +14 -8
package/admin/src/translations/ar.json +0 -8
package/admin/src/translations/cs.json +0 -8
package/admin/src/translations/de.json +0 -8
package/admin/src/translations/dk.json +0 -8
package/admin/src/translations/en.json +33 -12
package/admin/src/translations/es.json +0 -8
package/admin/src/translations/fr.json +0 -8
package/admin/src/translations/id.json +0 -8
package/admin/src/translations/it.json +0 -8
package/admin/src/translations/ja.json +0 -8
package/admin/src/translations/ko.json +93 -54
package/admin/src/translations/ms.json +0 -8
package/admin/src/translations/nl.json +0 -8
package/admin/src/translations/pl.json +0 -8
package/admin/src/translations/pt-BR.json +0 -8
package/admin/src/translations/pt.json +0 -8
package/admin/src/translations/ru.json +0 -8
package/admin/src/translations/sk.json +0 -8
package/admin/src/translations/sv.json +0 -8
package/admin/src/translations/th.json +0 -8
package/admin/src/translations/tr.json +0 -8
package/admin/src/translations/uk.json +0 -8
package/admin/src/translations/vi.json +0 -8
package/admin/src/translations/zh-Hans.json +5 -14
package/admin/src/translations/zh.json +0 -8
package/admin/src/utils/axiosInstance.js +36 -0
package/admin/src/utils/formatPluginName.js +26 -0
package/admin/src/utils/index.js +1 -0
package/documentation/1.0.0/overrides/users-permissions-Role.json +6 -6
package/documentation/1.0.0/overrides/users-permissions-User.json +7 -7
package/jest.config.front.js +10 -0
package/package.json +35 -32
package/server/bootstrap/index.js +20 -25
package/server/config.js +3 -3
package/server/content-types/index.js +3 -3
package/server/content-types/permission/index.js +30 -3
package/server/content-types/role/index.js +47 -3
package/server/content-types/user/index.js +65 -4
package/server/controllers/auth.js +85 -237
package/server/controllers/content-manager-user.js +183 -0
package/server/controllers/index.js +12 -6
package/server/controllers/permissions.js +26 -0
package/server/controllers/role.js +77 -0
package/server/controllers/settings.js +85 -0
package/server/controllers/user.js +119 -45
package/server/controllers/validation/auth.js +29 -0
package/server/controllers/validation/user.js +38 -0
package/server/graphql/index.js +44 -0
package/server/graphql/mutations/auth/email-confirmation.js +39 -0
package/server/graphql/mutations/auth/forgot-password.js +38 -0
package/server/graphql/mutations/auth/login.js +38 -0
package/server/graphql/mutations/auth/register.js +39 -0
package/server/graphql/mutations/auth/reset-password.js +41 -0
package/server/graphql/mutations/crud/role/create-role.js +37 -0
package/server/graphql/mutations/crud/role/delete-role.js +28 -0
package/server/graphql/mutations/crud/role/update-role.js +38 -0
package/server/graphql/mutations/crud/user/create-user.js +48 -0
package/server/graphql/mutations/crud/user/delete-user.js +42 -0
package/server/graphql/mutations/crud/user/update-user.js +49 -0
package/server/graphql/mutations/index.js +42 -0
package/server/graphql/queries/index.js +13 -0
package/server/graphql/queries/me.js +17 -0
package/server/graphql/resolvers-configs.js +37 -0
package/server/graphql/types/create-role-payload.js +11 -0
package/server/graphql/types/delete-role-payload.js +11 -0
package/server/graphql/types/index.js +21 -0
package/server/graphql/types/login-input.js +13 -0
package/server/graphql/types/login-payload.js +12 -0
package/server/graphql/types/me-role.js +14 -0
package/server/graphql/types/me.js +16 -0
package/server/graphql/types/password-payload.js +11 -0
package/server/graphql/types/register-input.js +13 -0
package/server/graphql/types/update-role-payload.js +11 -0
package/server/graphql/utils.js +27 -0
package/server/index.js +21 -0
package/server/middlewares/index.js +2 -2
package/server/{policies → middlewares}/rateLimit.js +3 -7
package/server/register.js +11 -0
package/server/routes/admin/index.js +10 -0
package/server/routes/admin/permissions.js +20 -0
package/server/routes/admin/role.js +79 -0
package/server/routes/admin/settings.js +95 -0
package/server/routes/content-api/auth.js +73 -0
package/server/routes/content-api/index.js +11 -0
package/server/routes/content-api/permissions.js +9 -0
package/server/routes/content-api/role.js +29 -0
package/server/routes/content-api/user.js +61 -0
package/server/routes/index.js +4 -3
package/server/services/index.js +10 -8
package/server/services/jwt.js +9 -17
package/server/services/providers.js +32 -33
package/server/services/role.js +177 -0
package/server/services/user.js +9 -15
package/server/services/users-permissions.js +140 -338
package/server/strategies/users-permissions.js +123 -0
package/server/utils/index.d.ts +2 -0
package/strapi-admin.js +3 -0
package/strapi-server.js +1 -19
package/admin/src/assets/images/logo.svg +0 -1
package/admin/src/components/BaselineAlignement/index.js +0 -33
package/admin/src/components/Bloc/index.js +0 -10
package/admin/src/components/BoundRoute/Components.js +0 -78
package/admin/src/components/ContainerFluid/index.js +0 -13
package/admin/src/components/FormBloc/index.js +0 -61
package/admin/src/components/IntlInput/index.js +0 -38
package/admin/src/components/ListBaselineAlignment/index.js +0 -8
package/admin/src/components/ListRow/Components.js +0 -74
package/admin/src/components/ListRow/index.js +0 -35
package/admin/src/components/ModalForm/Wrapper.js +0 -12
package/admin/src/components/ModalForm/index.js +0 -59
package/admin/src/components/Permissions/ListWrapper.js +0 -9
package/admin/src/components/Permissions/PermissionRow/BaselineAlignment.js +0 -7
package/admin/src/components/Permissions/PermissionRow/RowStyle.js +0 -28
package/admin/src/components/Permissions/PermissionRow/SubCategory/ConditionsButtonWrapper.js +0 -13
package/admin/src/components/Permissions/PermissionRow/SubCategory/PolicyWrapper.js +0 -8
package/admin/src/components/Permissions/PermissionRow/SubCategory/SubCategoryWrapper.js +0 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory/index.js +0 -116
package/admin/src/components/Policies/Components.js +0 -26
package/admin/src/components/PrefixedIcon/index.js +0 -27
package/admin/src/components/Roles/EmptyRole/BaselineAlignment.js +0 -7
package/admin/src/components/Roles/EmptyRole/index.js +0 -27
package/admin/src/components/Roles/RoleListWrapper/index.js +0 -17
package/admin/src/components/Roles/RoleRow/RoleDescription.js +0 -9
package/admin/src/components/Roles/RoleRow/index.js +0 -45
package/admin/src/components/Roles/index.js +0 -3
package/admin/src/components/SizedInput/index.js +0 -24
package/admin/src/pages/AdvancedSettings/reducer.js +0 -65
package/admin/src/pages/AdvancedSettings/utils/form.js +0 -52
package/admin/src/pages/EmailTemplates/CustomTextInput.js +0 -105
package/admin/src/pages/EmailTemplates/Wrapper.js +0 -36
package/admin/src/pages/EmailTemplates/reducer.js +0 -58
package/admin/src/pages/EmailTemplates/utils/forms.js +0 -81
package/admin/src/pages/Roles/ListPage/BaselineAlignment.js +0 -8
package/server/content-types/permission/schema.json +0 -48
package/server/content-types/role/schema.json +0 -46
package/server/content-types/user/schema.json +0 -66
package/server/controllers/user/admin.js +0 -230
package/server/controllers/user/api.js +0 -174
package/server/controllers/users-permissions.js +0 -271
package/server/middlewares/users-permissions.js +0 -36
package/server/policies/index.js +0 -11
package/server/policies/isAuthenticated.js +0 -9
package/server/policies/permissions.js +0 -94
package/server/routes/routes.json +0 -381
package/server/schema.graphql.js +0 -317

package/server/services/providers.js CHANGED Viewed

@@ -6,15 +6,18 @@
 // Public node modules.
 const _ = require('lodash');
-const request = require('request');
+const jwt = require('jsonwebtoken');
+const urlJoin = require('url-join');
-// Purest strategies.
-const purest = require('purest')({ request });
-const purestConfig = require('@purest/providers');
 const { getAbsoluteServerUrl } = require('@strapi/utils');
-const jwt = require('jsonwebtoken');
 module.exports = ({ strapi }) => {
+  // lazy load heavy dependencies
+  const request = require('request');
+  // Purest strategies.
+  const purest = require('purest')({ request });
+  const purestConfig = require('@purest/providers');
   /**
    * Helper to get profiles
    *
@@ -25,13 +28,8 @@ module.exports = ({ strapi }) => {
   const getProfile = async (provider, query, callback) => {
     const access_token = query.access_token || query.code || query.oauth_token;
-    const grant = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'grant',
-      })
+    const providers = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
       .get();
     switch (provider) {
@@ -66,7 +64,7 @@ module.exports = ({ strapi }) => {
               // Combine username and discriminator because discord username is not unique
               var username = `${body.username}#${body.discriminator}`;
               callback(null, {
-                username: username,
+                username,
                 email: body.email,
               });
             }
@@ -203,8 +201,8 @@ module.exports = ({ strapi }) => {
         const twitter = purest({
           provider: 'twitter',
           config: purestConfig,
-          key: grant.twitter.key,
-          secret: grant.twitter.secret,
+          key: providers.twitter.key,
+          secret: providers.twitter.secret,
         });
         twitter
@@ -227,8 +225,8 @@ module.exports = ({ strapi }) => {
       case 'instagram': {
         const instagram = purest({
           provider: 'instagram',
-          key: grant.instagram.key,
-          secret: grant.instagram.secret,
+          key: providers.instagram.key,
+          secret: providers.instagram.secret,
           config: purestConfig,
         });
@@ -300,7 +298,7 @@ module.exports = ({ strapi }) => {
         twitch
           .get('users')
-          .auth(access_token, grant.twitch.key)
+          .auth(access_token, providers.twitch.key)
           .request((err, res, body) => {
             if (err) {
               callback(err);
@@ -405,7 +403,7 @@ module.exports = ({ strapi }) => {
       }
       case 'auth0': {
         const purestAuth0Conf = {};
-        purestAuth0Conf[`https://${grant.auth0.subdomain}.auth0.com`] = {
+        purestAuth0Conf[`https://${providers.auth0.subdomain}.auth0.com`] = {
           __domain: {
             auth: {
               auth: { bearer: '[0]' },
@@ -444,7 +442,7 @@ module.exports = ({ strapi }) => {
         break;
       }
       case 'cas': {
-        const provider_url = 'https://' + _.get(grant['cas'], 'subdomain');
+        const provider_url = 'https://' + _.get(providers.cas, 'subdomain');
         const cas = purest({
           provider: 'cas',
           config: {
@@ -522,23 +520,20 @@ module.exports = ({ strapi }) => {
           return reject([null, err]);
         }
+        const email = _.toLower(profile.email);
         // We need at least the mail.
-        if (!profile.email) {
+        if (!email) {
           return reject([null, { message: 'Email was not available.' }]);
         }
         try {
           const users = await strapi.query('plugin::users-permissions.user').findMany({
-            where: { email: profile.email },
+            where: { email },
           });
           const advanced = await strapi
-            .store({
-              environment: '',
-              type: 'plugin',
-              name: 'users-permissions',
-              key: 'advanced',
-            })
+            .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
             .get();
           const user = _.find(users, { provider });
@@ -572,11 +567,13 @@ module.exports = ({ strapi }) => {
             .findOne({ where: { type: advanced.default_role } });
           // Create the new user.
-          const params = _.assign(profile, {
-            provider: provider,
+          const params = {
+            ...profile,
+            email, // overwrite with lowercased email
+            provider,
             role: defaultRole.id,
             confirmed: true,
-          });
+          };
           const createdUser = await strapi
             .query('plugin::users-permissions.user')
@@ -590,8 +587,10 @@ module.exports = ({ strapi }) => {
     });
   };
-  const buildRedirectUri = (provider = '') =>
-    `${getAbsoluteServerUrl(strapi.config)}/connect/${provider}/callback`;
+  const buildRedirectUri = (provider = '') => {
+    const apiPrefix = strapi.config.get('api.rest.prefix');
+    return urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, 'connect', provider, 'callback');
+  };
   return {
     connect,

package/server/services/role.js ADDED Viewed

@@ -0,0 +1,177 @@
+'use strict';
+const _ = require('lodash');
+const { NotFoundError } = require('@strapi/utils').errors;
+const { getService } = require('../utils');
+module.exports = ({ strapi }) => ({
+  async createRole(params) {
+    if (!params.type) {
+      params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
+    }
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .create({ data: _.omit(params, ['users', 'permissions']) });
+    const createPromises = _.flatMap(params.permissions, (type, typeName) => {
+      return _.flatMap(type.controllers, (controller, controllerName) => {
+        return _.reduce(
+          controller,
+          (acc, action, actionName) => {
+            const { enabled /* policy */ } = action;
+            if (enabled) {
+              const actionID = `${typeName}.${controllerName}.${actionName}`;
+              acc.push(
+                strapi
+                  .query('plugin::users-permissions.permission')
+                  .create({ data: { action: actionID, role: role.id } })
+              );
+            }
+            return acc;
+          },
+          []
+        );
+      });
+    });
+    await Promise.all(createPromises);
+  },
+  async getRole(roleID) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    const allActions = getService('users-permissions').getActions();
+    // Group by `type`.
+    role.permissions.forEach(permission => {
+      const [type, controller, action] = permission.action.split('.');
+      _.set(allActions, `${type}.controllers.${controller}.${action}`, {
+        enabled: true,
+        policy: '',
+      });
+    });
+    return {
+      ...role,
+      permissions: allActions,
+    };
+  },
+  async getRoles() {
+    const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
+    for (const role of roles) {
+      role.nb_users = await strapi
+        .query('plugin::users-permissions.user')
+        .count({ where: { role: { id: role.id } } });
+    }
+    return roles;
+  },
+  async updateRole(roleID, data) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    await strapi.query('plugin::users-permissions.role').update({
+      where: { id: roleID },
+      data: _.pick(data, ['name', 'description']),
+    });
+    const { permissions } = data;
+    const newActions = _.flatMap(permissions, (type, typeName) => {
+      return _.flatMap(type.controllers, (controller, controllerName) => {
+        return _.reduce(
+          controller,
+          (acc, action, actionName) => {
+            const { enabled /* policy */ } = action;
+            if (enabled) {
+              acc.push(`${typeName}.${controllerName}.${actionName}`);
+            }
+            return acc;
+          },
+          []
+        );
+      });
+    });
+    const oldActions = role.permissions.map(({ action }) => action);
+    const toDelete = role.permissions.reduce((acc, permission) => {
+      if (!newActions.includes(permission.action)) {
+        acc.push(permission);
+      }
+      return acc;
+    }, []);
+    const toCreate = newActions
+      .filter(action => !oldActions.includes(action))
+      .map(action => ({ action, role: role.id }));
+    await Promise.all(
+      toDelete.map(permission =>
+        strapi
+          .query('plugin::users-permissions.permission')
+          .delete({ where: { id: permission.id } })
+      )
+    );
+    await Promise.all(
+      toCreate.map(permissionInfo =>
+        strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
+      )
+    );
+  },
+  async deleteRole(roleID, publicRoleID) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['users', 'permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    // Move users to guest role.
+    await Promise.all(
+      role.users.map(user => {
+        return strapi.query('plugin::users-permissions.user').update({
+          where: { id: user.id },
+          data: { role: publicRoleID },
+        });
+      })
+    );
+    // Remove permissions related to this role.
+    // TODO: use delete many
+    await Promise.all(
+      role.permissions.map(permission => {
+        return strapi.query('plugin::users-permissions.permission').delete({
+          where: { id: permission.id },
+        });
+      })
+    );
+    // Delete the role.
+    await strapi.query('plugin::users-permissions.role').delete({ where: { id: roleID } });
+  },
+});

package/server/services/user.js CHANGED Viewed

@@ -9,7 +9,7 @@
 const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
-const { sanitizeEntity, getAbsoluteServerUrl } = require('@strapi/utils');
+const { getAbsoluteServerUrl, sanitize } = require('@strapi/utils');
 const { getService } = require('../utils');
 module.exports = ({ strapi }) => ({
@@ -114,29 +114,21 @@ module.exports = ({ strapi }) => ({
     return strapi.query('plugin::users-permissions.user').delete({ where: params });
   },
-  async removeAll(params) {
-    return strapi.query('plugin::users-permissions.user').delete({ where: params });
-  },
   validatePassword(password, hash) {
     return bcrypt.compare(password, hash);
   },
   async sendConfirmationEmail(user) {
     const userPermissionService = getService('users-permissions');
-    const pluginStore = await strapi.store({
-      environment: '',
-      type: 'plugin',
-      name: 'users-permissions',
-    });
+    const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });
+    const userSchema = strapi.getModel('plugin::users-permissions.user');
     const settings = await pluginStore
       .get({ key: 'email' })
       .then(storeEmail => storeEmail['email_confirmation'].options);
-    const userInfo = sanitizeEntity(user, {
-      model: strapi.getModel('plugin::users-permissions.user'),
-    });
+    // Sanitize the template's user information
+    const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);
     const confirmationToken = crypto.randomBytes(20).toString('hex');
@@ -144,11 +136,13 @@ module.exports = ({ strapi }) => ({
     settings.message = await userPermissionService.template(settings.message, {
       URL: `${getAbsoluteServerUrl(strapi.config)}/auth/email-confirmation`,
-      USER: userInfo,
+      USER: sanitizedUserInfo,
       CODE: confirmationToken,
     });
-    settings.object = await userPermissionService.template(settings.object, { USER: userInfo });
+    settings.object = await userPermissionService.template(settings.object, {
+      USER: sanitizedUserInfo,
+    });
     // Send an email to the user.
     await strapi